How to Secure Your TradeLyser Account

Your TradeLyser account holds broker connections, trade history, journal notes, and performance analytics. A compromised login could expose sensitive trading data or allow someone to disconnect integrations and export your log. This guide walks through practical steps to secure your TradeLyser account: password hygiene, two-factor authentication (2FA), active session management, login alerts, and a repeatable monthly security routine.

Security at TradeLyser is layered. No single toggle replaces good habits—but enabling every recommended control dramatically reduces risk, especially if you journal from multiple devices or use shared networks.

What account security protects

TradeLyser stores:

Identity data — Email, profile, subscription status
Broker authorization — OAuth tokens or API credentials used for sync
Trading records — Imported and synced trades, tags, ratings, notes
Analytics — Dashboards, reports, equity curve, drawdown metrics

Securing the login protects all of this. Broker passwords themselves stay with your broker; TradeLyser never needs your trading PIN for daily use after OAuth—but your TradeLyser password still gates access to everything visible in the app.

Step 1: Use a strong, unique password

Requirements and recommendations

Minimum 12 characters; longer passphrases (16+) are better
Mix uppercase, lowercase, numbers, and symbols
Unique to TradeLyser — never reuse a broker or email password
Store in a password manager (Bitwarden, 1Password, etc.)
Rotate after any suspected breach or if you shared it accidentally

How to change your password

Sign in to TradeLyser at tradelyser.com.
Open Settings → Security (or Account → Password).
Enter your current password, then the new password twice.
Click Save or Update Password.
You may be signed out of other devices—expected after a password change.

If you registered with Google Sign-In, your Google account password protects access; still enable 2FA on Google and review Manage Sessions in TradeLyser.

Step 2: Enable two-factor authentication (2FA)

2FA requires a second proof (authenticator app code) in addition to your password. It blocks most credential-stuffing attacks even if your password leaks.

Set up authenticator app 2FA

Go to Settings → Security.
Find Two-Factor Authentication → Enable.
Scan the QR code with Google Authenticator, Authy, or Microsoft Authenticator.
Enter the 6-digit code to confirm.
Download backup codes and store them offline (not in email).

Pro and team accounts

Some plans require 2FA for all users. If you see a banner prompting enrollment, complete setup before the deadline to avoid login restrictions.

Lost authenticator?

Use a backup code once, then re-enroll 2FA immediately. If you lack backups, contact support@tradelyser.com from your registered email with identity verification steps support provides.

Step 3: Review and end active sessions

Unknown devices logged into TradeLyser are a top indicator of unauthorized access.

Open Settings → Security → Active Sessions.
Review each row: device name, browser, approximate location, last activity, IP.
Your current session is highlighted.
Click End Session on any device you do not recognize.
Use Sign Out All Other Sessions after password changes or travel.

Full walkthrough: Manage Active Login Sessions.

When to end sessions immediately:

Login from an unfamiliar city or country
Old laptop or phone you sold
Public computer at a café or library
After login alert emails you did not trigger

Login alerts email or push you when a new device or unusual location signs in. They do not block access by themselves—they give you time to react (change password, end sessions).

Settings → Security → Login Notifications.
Enable Email on new device, Unusual location, and Browser notification if available.
Save settings.

Details: Enable Login Alerts.

Step 5: Verify email and recovery options

Confirm your primary email is correct under Settings → Profile.
Add a recovery email if the product supports it.
Keep Gmail OAuth users’ Google account recovery phone current.

Recovery email is how support validates ownership if you are locked out.

Step 6: Secure broker connections separately

TradeLyser broker links use OAuth or API keys. Account security also means:

Reconnect brokers after password changes at Zerodha, Fyers, etc.
Revoke old API keys in the broker developer portal when rotating
Never paste API secrets into chat, screenshots, or public forums

If sync fails after securing TradeLyser, see Broker Connection Failed and Trades Not Syncing—distinct from login security but often confused.

Monthly security checklist

Task	Frequency
Review active sessions	Monthly
Confirm 2FA enabled	Monthly
Check login alert toggles	Monthly
Update password if shared device used	As needed
Audit connected broker accounts	Quarterly
Read login notification emails	Every time

Pair this with Review Security Settings for a structured audit.

Security best practices for traders

Devices and networks

Avoid journaling on public Wi‑Fi without a VPN; prefer mobile hotspot.
Enable screen lock on phones used for TradeLyser.
Log out on shared PCs; do not use “Remember me” on borrowed machines.

Phishing awareness

TradeLyser support will never ask for your password or 2FA code in email.
Bookmarks should be https://tradelyser.com only.
Report suspicious emails to support.

Mentee and shared access

If you grant mentee access, use minimum permissions and revoke when coaching ends. Mentees are not a substitute for strong personal account security.

What to do if you suspect unauthorized access

Change your TradeLyser password immediately.
Sign out all other sessions in Security settings.
Review login history and enable alerts if off.
Reconnect brokers with fresh OAuth if you see unknown API activity at the broker.
Email support@tradelyser.com with timestamps and screenshots.
Check trades log for exports or bulk deletes you did not perform.

Security settings map (where to click)

Setting	Location	Purpose
Password	Settings → Security	Credential rotation
2FA	Settings → Security	Second factor
Active sessions	Settings → Security	Device logout
Login alerts	Settings → Security	Email on new login
Profile email	Settings → Profile	Recovery and alerts
Broker accounts	Settings → Accounts	OAuth/API scope
Email prefs	Settings → Notifications	Deliverability

Bookmark this table for onboarding team members or family who share office space but maintain separate journals.

Registering securely (new users)

If you are setting up TradeLyser for the first time:

Prefer Sign in with Google only if that Google account already has 2FA.
Otherwise use a unique email password managed in a password manager.
Complete email verification before connecting brokers.
Enable login alerts on first login—do not defer.
Connect one broker, verify sync, then add others (add multiple accounts).

Starting secure avoids painful retrofits after you have six months of trade history in the journal.

Frequently asked questions

Does TradeLyser store my broker password?

No for OAuth brokers—you authorize on the broker site. API-key brokers store encrypted keys for sync only; rotate keys at the broker if compromised.

Is 2FA required for all users?

Recommended for everyone; some Pro or team plans enforce it. Enable voluntarily even when optional.

Your Google account becomes the gate. Secure Google with 2FA and monitor Google’s device activity. TradeLyser session list still shows app logins.

Will ending a session delete my trades?

No. It only logs that device out. Trades and settings remain.

Can someone access my account if connection failed?

Connection failures are broker authorization issues, not proof of account hijacking. Still review sessions if you see unexplained login emails.

How often should I change my password?

Every 6–12 months for routine hygiene, or immediately after suspicion, public PC use, or staff turnover on a shared machine.

Does securing TradeLyser encrypt my data?

Credentials and sensitive fields are encrypted at rest; transport uses HTTPS. Your responsibility is protecting the login that decrypts access in the UI.

Locked out after enabling 2FA?

Use backup codes once, then reconfigure 2FA. Contact support from your registered email if locked out entirely.

Quick troubleshooting

Issue	Action
Locked out	Recovery email or support@tradelyser.com
2FA code invalid	Sync phone time; use backup code
Unknown session	End session; change password
Alerts not arriving	Check spam; verify email in profile
Sync broke after security change	Reconnect broker

Need help? Email support@tradelyser.com or use Contact Support with your registered email and a description of the security concern—never send passwords or 2FA codes.

What account security protects​

Step 1: Use a strong, unique password​

Requirements and recommendations​

How to change your password​

Step 2: Enable two-factor authentication (2FA)​

Set up authenticator app 2FA​

Pro and team accounts​

Lost authenticator?​

Step 3: Review and end active sessions​

Step 4: Enable login alerts​

Step 5: Verify email and recovery options​

Step 6: Secure broker connections separately​

Monthly security checklist​

Security best practices for traders​

Devices and networks​

Phishing awareness​

Mentee and shared access​

What to do if you suspect unauthorized access​

Security settings map (where to click)​

Registering securely (new users)​

Frequently asked questions​

Does TradeLyser store my broker password?​

Is 2FA required for all users?​

I use Sign in with Google—do I still need a TradeLyser password?​

Will ending a session delete my trades?​

Can someone access my account if connection failed?​

How often should I change my password?​

Does securing TradeLyser encrypt my data?​

Locked out after enabling 2FA?​

Related guides​

Quick troubleshooting​